<?php

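// Login handler: looks up the stored password for the posted user name and,
// when it matches the posted password, prints the movie list.
//
// NOTE(review): the database account is root with an empty password and is
// hard-coded in source. Move the credentials to configuration outside the web
// root and use an account that can only SELECT from the tables it needs.
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "movie";

// Accept only string fields. A missing field or an array-valued field
// (e.g. movieusername[]=x) is treated as an empty string instead of reaching
// preg_match() or the query with an unexpected type.
$name = $_POST['movieusername'] ?? '';
if (!is_string($name)) {
    $name = '';
}
$pwd = $_POST['movieuserpassword'] ?? '';
if (!is_string($pwd)) {
    $pwd = '';
}

// Pattern of substrings that are not allowed in a user name.
// This deny-list is kept only so that existing "invalid user name" responses
// stay the same. It is not a defence against SQL injection: deny-lists of SQL
// keywords are incomplete by nature. The query below is safe because the user
// name is bound as a parameter, not because of this check.
$re='/( and )|( or )|( AND )|( OR )|(--)|\'|\"|=/';
if (!preg_match($re, $name)) {
    $conn = new mysqli($servername, $username, $password, $dbname);
    if ($conn->connect_error) {
        // Keep driver details in the server log; they can reveal host and
        // account information if echoed to the client.
        error_log('login: database connection failed: ' . $conn->connect_error);
        die("连接失败");
    }

    // Parameterised query: $name is sent as data and never parsed as SQL.
    $stmt = $conn->prepare('SELECT password FROM users WHERE username = ?');
    if ($stmt === false) {
        error_log('login: prepare failed: ' . $conn->error);
        $conn->close();
        http_response_code(500);
        die('server error');
    }
    $stmt->bind_param('s', $name);
    if (!$stmt->execute()) {
        error_log('login: execute failed: ' . $stmt->error);
        $stmt->close();
        $conn->close();
        http_response_code(500);
        die('server error');
    }
    $truepwd = null;
    $stmt->bind_result($truepwd);
    // fetch() returns true for a row, null when there is none, false on error.
    $found = ($stmt->fetch() === true);
    $stmt->close();

    if ($found) {
        // hash_equals() is a strict, constant-time string comparison. The
        // previous loose == treated numeric-looking strings as numbers and a
        // NULL stored password as equal to an empty submitted one.
        // NOTE(review): the stored value is compared directly with the
        // submitted password, so the column presumably holds plaintext.
        // Store password_hash() output and check it with password_verify().
        if (is_string($truepwd) && hash_equals($truepwd, $pwd)) {
            show_movies();
        } else {
            echo 'password wrong!';
        }
    } else {
        // NOTE(review): answering differently for an unknown user and a wrong
        // password lets a client enumerate valid user names; a single generic
        // failure message would avoid that. Left unchanged for compatibility.
        echo 'NO USER';
    }
    $conn->close();
} else {
    echo '用户名不符合规则';
}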



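/**
 * Print all movies as an HTML table, ordered by year.
 *
 * Opens its own database connection, writes the table straight to the output
 * and closes the connection again. The script is terminated if the connection
 * or the query fails.
 */
function show_movies(): void
{
    // NOTE(review): a remote database host and an account whose password
    // equals its user name are hard-coded here. Credentials that have been
    // committed to source should be rotated and then loaded from configuration
    // outside the web root.
    $servername = "119.23.182.180";
    $username = "srp";
    $password = "srp";
    $dbname = "movie";

    // Create the connection.
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check the connection.
    if ($conn->connect_error) {
        // Log the driver message server-side instead of echoing it to the client.
        error_log('show_movies: database connection failed: ' . $conn->connect_error);
        die("连接失败");
    }

    // Static query with no user input; it is run once (the original ran it twice).
    $sql = "SELECT Id, Title, Year FROM movies  ORDER By Year";
    $result = $conn->query($sql);
    if ($result === false) {
        error_log('show_movies: query failed: ' . $conn->error);
        $conn->close();
        http_response_code(500);
        die('server error');
    }

    echo "<table border='1'>
<tr>
<th>序号</th>
<th>电影名字</th>
<th>上映年代</th>
</tr>";

    // Output the rows. Every column is HTML-escaped so that markup stored in
    // the database (for example in a movie title) is shown as text instead of
    // being interpreted by the browser.
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    while ($row = $result->fetch_assoc()) {
        echo "<tr>";
        echo "<td>" . htmlspecialchars((string) $row['Id'], $flags, 'UTF-8') . "</td>";
        echo "<td>" . htmlspecialchars((string) $row['Title'], $flags, 'UTF-8') . "</td>";
        echo "<td>" . htmlspecialchars((string) $row['Year'], $flags, 'UTF-8') . "</td>";
        echo "</tr>";
    }

    // Always close the table; the original closed it only when there were no rows.
    echo "</table>";

    $result->free();
    $conn->close();
}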
?>